Controlling Yamaha AV RX-A830 from command line

At home I have been using a Yamaha AV RX-A380, it’s an home teather audio video solution where you can plug about everything you need (like 7 hdmi channel, spoiler alert there is something wrong with you if you have that many devices) and output to two other hdmi channel (like a tv and a projector).

It has integration for spotify, airplay, netradio and billions of connection to everything, just look at the damn back of this device :

Since I wanted to control it from the command line to automate it for home automation, I firebugged the web interface and reversed some of the REST calls in a nice bash script.

Here it is at your convenience to using or hack it :

This doesn’t support multi-zone and assume the web interface is resolvable to http://yamaha.local/ (it should be by default) so be aware. This may support other Yamaha AV devices but since I don’t have it I can’t say and you may have try, if it does kindly add a comment here soother would know 🙂

The trick to get your wordpress behind a reverse proxy

I have been meaning to get this blog SSL protected for a while and since solution like letsencrypt makes it easy I have generated some SSL keys for my domain  and configured it in apache.

So far so good, but the thing is my VM at my hosting provider is pretty small and I have been using varnish for quite some time or I would get out of memory quickly some the kernel OOM killer kicking[1] it.

Varnish don’t do SSL so you have to do something else, I went ahead and used Nginx to provide my SSL endpoint which then would look like this :

nginx-varnish-apache

I could have done it with apache virtualhosts which look like this :

apache-virtualhosts-varnish-ssl

I went finally for nginx since most people seems to say that it was more lean and quick for those kick of ssl accelerator job.

So far so good for the configuration, you can find those informations all over the internet, the nginx ssl configuration was a bit special so I can have the higher secure end of SSL encryption :

Now the thing didn’t work very well when accessing the website, I could not see any of th medias including JS and SSL since they were served on the old non ssl url. I tried to force the wordpress configuration to serve SSL but I would end up in a http redirect loop.

Finally I stumbled on this guy blog and looked at a hack to put in the wp-config.php file. I streamlined it to :

    
if ( (!empty( $_SERVER['HTTP_X_FORWARDED_HOST'])) ||
     (!empty( $_SERVER['HTTP_X_FORWARDED_FOR'])) ) {
    $_SERVER['HTTPS'] = 'on';
}
    

and that’s it, wordpress would then understand it would serve as HTTPS and would add its https url properly.

Hope this helps

[1] I had even a cron sometime ago to mysqlping my mysql server and restart it automatically if it was down since I was so sick of it

Upload to Rackspace Cloud Files in a shell script

I don’t really use much the GUI and always the command line so I don’t really use the Cloud File plugin I created for nautilus.

So here is a shell script to upload to Rackspace Cloud Files and give you back a shortened URL of the public URL file. Great for quick sharing… You have to install the zenity binary first..

[Update: this is now available here https://github.com/chmouel/upcs]

Unit conversion from zsh

Quick conversion from shell :

rsync like backup to Rackspace Cloud File with duplicity

It seems that there is no much documentation about how to do rsync like backup with duplicty so here it is :

#!/bin/bash
UPLOAD_TO_CONTAINER="backup" #adjust it as you like
export CLOUDFILES_USERNAME=Your Username
export CLOUDFILES_APIKEY=API_KEY_YOU_GOT
export PASSPHRASE=The Passphrase for your encrypted backup

duplicity /full/path cf+http://${UPLOAD_TO_CONTAINER}

This should take care to upload the backup files to the backup container. It does that incrementally and detect the changes to your file system to upload. There is much more option for duplicity look at the manpage for more info.

Using ProxyCommand with OpenSSH and a Bastion server.

So at work we have to use a bastion host for all our connections to servers to be able to get called PCI compliant. This kind of stuff could be a pain to use when you have to use another host to do RSYNC/SCP or other stuff that need direct transfer to workstation.

Thankfully OpenSSH is very flexible and have multiple options to easy the pain. If you add this to your ~/.ssh/config :

Host bastion
Hostname IP_ADDRESS_OF_BASTION_SERVER
User YOUR_USERNAME
ProxyCommand none
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p

Host *
ProxyCommand ssh -qax bastion ‘nc -w 600 %h %p’

This will allow you to pass all SSH requests to the bastion server.

I have experimented with different options and this seems to be most efficient way. The ControlMaster ControlPath is to speed up the connections by not reopening a tcp socket all the time to the bastion server. This seems to cause problems with the OpenSSH version shipped with some distros (ie: Fedora) so you may want to remove it if you experience problems. For the ProxyCommand there is way to use cat like this :

ProxyCommand ssh bastion ‘exec 3<>/dev/tcp/%h/22;(cat <&3 & );cat >&3’

but the cat processes seems to hang in memory on the bastion server so netcat seems a better option.  I heard that tcpconnect from the tcputils package should make things smoother but I haven’t tried that.

I have other options in my SSH configuration to allow to be less verbose see ssh_config(5) manpage for detailed description of each of these options :

Host *
ForwardAgent yes
GSSAPIAuthentication no
VerifyHostKeyDNS no
StrictHostKeyChecking no
HashKnownHosts no
TCPKeepAlive yes
ServerAliveInterval 600

By the way forgot to mention you would need to have SSH key exchange configured with the bastion server with a SSH agent runing (these days all distros should do that by default) to don’t have to type the password of your username on bastion server.

I have heard there is way to do that on Windows with putty and plink but I haven’t tried that see this post here about it.

Generating md5 encrypted password for chpasswd

If you want to generate properly encrypted password to feed to chpasswd, the most easier and proper way is to do that from command line :
[code lang=”bash”]
echo "encryptedpassword"|openssl passwd -1 -stdin
[/code]
If you want to generate in pure python you can do it like that :
[code lang=”python”]
def md5crypt(password, salt, magic=’$1$’):
import md5
m = md5.new()
m.update(password + magic + salt)

# /* Then just as many characters of the MD5(pw,salt,pw) */
mixin = md5.md5(password + salt + password).digest()
for i in range(0, len(password)):
m.update(mixin[i % 16])

# /* Then something really weird… */
# Also really broken, as far as I can tell. -m
i = len(password)
while i:
if i & 1:
m.update(‘x00’)
else:
m.update(password[0])
i >>= 1

final = m.digest()
# /* and now, just to make sure things don’t run too fast */
for i in range(1000):
m2 = md5.md5()
if i & 1:
m2.update(password)
else:
m2.update(final)
if i % 3:
m2.update(salt)
if i % 7:
m2.update(password)

if i & 1:
m2.update(final)
else:
m2.update(password)

final = m2.digest()

# This is the bit that uses to64() in the original code.
itoa64 = ‘./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz’
rearranged = ”
for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
v = ord(final[a]) < < 16 | ord(final[b]) << 8 | ord(final[c]) for i in range(4): rearranged += itoa64[v & 0x3f]; v >>= 6

v = ord(final[11])
for i in range(2):
rearranged += itoa64[v & 0x3f]; v >>= 6

return magic + salt + ‘$’ + rearranged

[/code]

You need to feed it up with a salt, like this :
[code lang=”python”]
def generate_salt(count):
import random, string
char = string.ascii_letters + string.digits + string.punctuation.replace(‘:’, ”)
return string.join(map(lambda x,v=char: random.choice(v), range(count)), ”)
[/code]

Automatic best resolution with xrandr

If you like me you have a big screen with your laptop and wants to automate when your X session start to get the best resolution, you can use that script :

[code lang=”bash”]
#!/bin/bash

function get_resolutions() {
xrandr|while read -a line;do
RES=”${line[1]}x${line[3]} ”
[[ ${RES} != [0-9]* ]] && continue
echo ${RES}
done
}

_BEST_RES=0
BEST_RES=
for res in $(get_resolutions);do
_res=${res/x/}
[[ $_res -ge ${_BEST_RES} ]] && {
BEST_RES=${res}
_BEST_RES=${_res}
}
done
xrandr -s ${BEST_RES}
[/code]

Automate SSH known_hosts cleanup

If you like me, you have to do a lot of installs[1] of the same test machine with the same IP and have to ssh it you will notice this annoying message :

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
54:9d:c0:37:3a:80:48:6c:82:ec:d1:84:93:61:24.
Please contact your system administrator.
Add correct host key in /home/cboudjnah/.ssh/known_hosts
to get rid of this message.
Offending key in /home/cboudjnah/.ssh/known_hosts:595
Password authentication is disabled to avoid
 man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid
man-in-the-middle attacks.
Agent forwarding is disabled to avoid man-in-the-middle attacks.

I have automated the cleanup by a script :
[code lang=”bash”]
#!/bin/bash
H=$1

[[ -z ${H} ]] && { echo “Need a host as argument”; exit 1 ;}
LINE=$(ssh -o StrictHostKeyChecking=yes $1 ‘exit’ 2>&1 | sed -n ‘/Offending key/ { s/.*://;s/r//;p }’)
[[ -z ${LINE} ]] && { echo “Nothing to clean”; exit; }
sed -i -n “$LINE!p” ~/.ssh/known_hosts[/code]
[1] Like having to tests bunch of FAI.